Date: Fri, 30 Oct 2020 16:00:04 +0000
From: Mark Rutland
To: Jann Horn
Cc: Marco Elver, Andrew Morton, Alexander Potapenko, "H . Peter Anvin", "Paul E . McKenney", Andrey Konovalov, Andrey Ryabinin, Andy Lutomirski, Borislav Petkov, Catalin Marinas, Christoph Lameter, Dave Hansen, David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Hillf Danton, Ingo Molnar, Jonathan Cameron, Jonathan Corbet, Joonsoo Kim, joern@purestorage.com, Kees Cook, Pekka Enberg, Peter Zijlstra, SeongJae Park, Thomas Gleixner, Vlastimil Babka, Will Deacon, the arch/x86 maintainers, "open list:DOCUMENTATION", kernel list, kasan-dev, Linux ARM, Linux-MM
Subject: Re: [PATCH v6 3/9] arm64, kfence: enable KFENCE for ARM64
Message-ID: <20201030160004.GE50718@C02TD0UTHF1T.local>
References: <20201029131649.182037-1-elver@google.com> <20201029131649.182037-4-elver@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 30, 2020 at 03:49:26AM +0100, Jann Horn wrote:
> On Thu, Oct 29, 2020 at 2:17 PM Marco Elver wrote:
> > @@ -312,6 +313,9 @@ static void __do_kernel_fault(unsigned long addr, unsigned int esr, > > "Ignoring spurious kernel translation fault at virtual address %016lx\n", addr)) > > return; > > > > + if (kfence_handle_page_fault(addr)) > > + return;
>
> As in the X86 case, we may want to ensure that this doesn't run for
> permission faults, only for non-present pages. Maybe move this down
> into the third branch of the "if" block below (neither permission
> fault nor NULL deref)?

I think that'd make sense. Those cases *should* be mutually exclusive, but it'd be more robust to do the KFENCE checks in that last block so that if something goes wrong within KFENCE we can't get stuck in a loop failing to service an instruction abort or similar.

Either that, or factor out an is_el1_translation_fault() and only do the KFENCE check and is_spurious_el1_translation_fault() check under that.

Thanks,
Mark.
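
Review bot: the added `if (kfence_handle_page_fault(addr)) return;` in __do_kernel_fault() sits directly after the spurious-translation-fault check and is given only addr, so nothing in the hunk restricts it to faults on non-present pages; it is reached for every kernel fault type that gets this far. esr is already a parameter of the function, so the call can be gated on the fault being a translation fault, for example by placing it in the later branch that handles neither permission faults nor NULL dereferences, which keeps an unexpected true return from silently ending handling of a fault KFENCE was never meant to service. A short comment at the call site stating that a true return means KFENCE has handled the fault would also make the early return easier to audit.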